5 users thanked author for this post.

Is there a way to verify that the “pciclearstalecache” file actually ran & did what it was supposed to do?

I put both files in a folder on my Desktop with nothing else in the folder. After I launched KB4499175 the progress bar sat around the 25-30% area for quite some time before taking off again and completing. I watched the progress box constantly during the entire process but I didn’t see a command prompt briefly appear or for that matter I didn’t see even a “blink”. After completion and restarting the “trustedinstaller” process ran for quite a bit longer than it normally does and checking my Windows Update history now it shows KB4499175 as being installed successfully.

There is a Registry change indication, but I can’t remember what it is. (I have a good memory, it’s just not very long).

If you search the site for pciclearstalecache, you will find it mentioned somewhere in the first half of 2018 along with Internet connection problems and disappearance of fixed TCP/IP settings on networks.

The information IS there – or just trust me for now. I don’t have time to look it up for you.

UPDATE: The first information on the pciclearstalecash file I have is it was bundled with the April 2018 Monthly Rollup KB4093118 delivered through WU – that will give you something to go on for searching.

1 user thanked author for this post.

I don’t know if this indicates anything, but with both the security update and the IE update, and the “pciclearstalecache” file in the same folder with the other two files, once you hit the install tab, for a fraction of a second, you will see some sort of message flash about the cache file being enabled, or something like that. As I’ve already installed the updates on my two computers, I am sorry I can’t provide the exact message that flashes.

Here’s some additional information… a search of the Registry for either of the strings below came back empty after running the update with both files located in the same folder on 5/15/2019…
pciclearstalecache
SlotPersistentInfo

However… I noticed that the pci.sys file itself in the System32\Drivers folder changed after running the update! Here’s what changed for both 32 and 64 bit Windows 7.

BEFORE running the update the date modified on the pci.sys file was 2/10/2018 and the file version was 6.1.7601.24056.
AFTER running the update the date modified is now 4/18/2019 and the file version is now 6.1.7601.24441.

The only difference I see between 32 bit and 64 bit is the file sizes. 32 bit has a file size of 150 kb and 64 bit’s file size is 180 kb. NOTE: These file sizes are noted from the file’s Properties – NOT the file size that shows in Windows Explorer.

1 user thanked author for this post.

@PKCano: I’ve not had computer access for a short time, and now I’m seeing this pciclearstalecache reference which I do not know what it is. Could you please provide this information for me? Apologies once again for being caught without needed information. Thank you, as always, for your expertise, and knowledge in helping us all.

1 user thanked author for this post.

@PKCano: Thank you so much for the information on this. I am attempting to get caught up once again, and I appreciate your assistance with this. YOU DESERVE A HUGE, HUGE“STAR”, from all who use the information you so patiently and freely provide. Thank you once again for your help. 🙂

@Ed:
When we ran that pciclearstalecache.exe in 2018, you could look in Windows\Logs to see that the “date modified” had changed to the current date (or rather, the date it ran) for the PCIClearStaleCache.txt file. That’s how we could tell it had run then; don’t know if that’s the case this time.

3 users thanked author for this post.

FWIW, I can report that I ran the 4499175 msu today (with the new pciclearstalecache .EXE file in the same folder), and the .TXT file in the Windows\Logs folder on my PC is still the one dated 4/28/18.

3 users thanked author for this post.

Same here, mine is dated 5/10/2018 which is the same date other updates show were installed in my update history.

My thoughts are either the file in the Logs folder should have been replaced with a new one or the date/time stamp should have changed. I’m also wondering if KB4499175 showing in the update history as successfully installed equates to BOTH processes completed successfully?

I still have 15 more computers to run these updates on and I’m holding off on all of them until I find out how to verify the process actually went as it should. I just finished running the April updates on all of these systems a couple days ago and I certainly don’t want to re-visit these 16 computers a third time because this didn’t work!

“Administrators should ensure that any one or more of the Monthly rollups released between April 10, 2018 (KB4093118) and March 12, 2019 (KB4489878) have been installed prior to installing April 2019 and later updates. Each of these rollup updates includes PciClearStaleCache.exe.”

Sort of sounds like maybe there was only one updated version that has to be run once, if I’m understanding what they’re saying. Maybe they keep including it in the Security Only patches since those aren’t cumulative?

3 users thanked author for this post.

I have looked into Born’s article on this, in the MS page for the May updates and around the Web (in the hits in a Google search), and all that turned up was that, while there was a mention of pciclearstalecache whenever the Rollup was mentioned (to the effect that it is no longer included in it and has to be put separately in the same place with the Rollup update), there was no mention of it wherever the Security Only update was mentioned.

Oh, now I might finally understand this: the “pci..etc” file is already “bundled with” = “Part of ” the Security Only patch, so one does not have to download it and put it in the same directory with this patch. One has to do that only with the Monthly Rollup, because it is not “bundled” = not “part of” the Rollup for this month. That is why I can’t find a mention of pci…etc in connection to the Security Only patch, or so I hope. Right?

1 user thanked author for this post.

OK, I think I got it now: the Rollup came “bundled” with the pi…etc before, so two files were downloaded together, now the pci..etc is not included in the download of the Rollup, so it has to be downloaded separately and “by hand”. As to Security Only, things are same now as they were earlier for the Rollup, when both files were “bundled”. But both have to be still in the same directory when installing the Sec. Only. Thanks, PK.

Is there any way of fixing that particular problem with a single file other than the whole monthly security update? There has not been enough time to find all the other flaws in the May update. Win XP has a single ~500K update.

3 users thanked author for this post.

Windows XP had/has a completely different patching system addressing issues. With Win7 through to W10, this all changed in October 2016 where individual patches were rolled-up in SO (Security Only-from the MS catalog) and SQMR (Security Quality Monthly Rollup from Windows Update).

I do believe there are ways to break them apart but, there are also caveats in doing so and I certainly would not recommend it.

@PKCano: Thank you so much for the verification on installation of these updates. I have two only to do, so hoping that all will go well. Your knowledge of computers is absolutely the “very best“, and I do say “thank you, thank you, and thank you” once again for all of the outstanding expertise you possess and share with all of us.

@PKCano: I apologize for asking a question about the NET Framework update, as I just re-read the message where you stated to install ALL Windows 7 updates. It appears to me that the only 2 updates I have are safe to install as you referenced in this message.

Thank you once again. I do appreciate your help more than words can ever adequately express.

It seems to me, after 4 months of not patching (from January to April), that I will finally be patching my Windows 7 and 8.1 systems this month. That “wormable” vulnerability seems to be quite serious.

Just not now. No, I am not doing it now, not until I know what kind of problems to expect from the Windows 7 May patches. I don’t trust Microsoft’s track record on these patches.

I am running Windows 8.1 and MacOS Sierra / High Sierra in addition to Windows 7, and I believe I can afford to wait and see. I disabled Remote Desktop on every one of my Windows computers and I don’t think I am affected, even on Windows 7.

I would like a comment from Woody on “if the service for remote is disabled. is one still vulnerable?”

Excellent question. I would think so – but I don’t know.

The problem is that the bug appears to be in something that’s a precursor to RDP authentication. Microsoft hasn’t given us enough information to say, definitively, that turning off RDP or blocking the RDP port, will also block the vulnerability.

Unless MS comes out and says something official, I have no way to verify the hypothesis, one way or the other.

4 users thanked author for this post.

For the record: Windows 7 Professional, Intel-based, no anti-virus other than Defender / Windows Firewall. Group A. Installed all “Important” updates that were offered and checked, which were three or four related to Office, the monthly rollup, a .NET rollup, and Defender definitions. (I skipped the virus scanning tool.)

The installation proceeded with no abnormalities and so far everything is working as expected. It’s a bit early yet, but I’ve run a few programs so far as experiments and the system appears to be fine.

“If you’re running Vista, hang tight”. I am doing just that in respect of a Vista machine (yes, some are still in use!) and I hope that Microsoft will quickly rectify their omission. The last time they issued a critical XP patch they did remember to issue one for Vista as well.

I need some major help with a Vista laptop I just got in for a tune-up. I’m trying to install the latest available patches, drivers, etc. This machine was last updated on 5/12/2016. Here are the specs:

I am unable to access the Windows Update server so I need to know what updates have been released since 5/12/2016 for Vista and where I can get them. HP has also discontinued support so I have hobbled together some updates from archived sites and even the Wayback Machine on the Internet Archive. Is there a way to access Windows Update? When I try, it just keeps searching for days. I appreciate any help.

The first thing to do, I recommend that you go to this thread in the Microsoft Answers forum and follow the instructions there. The biggest benefit you’ll get is that your wait for the Windows Update service to find updates will get considerably shorter.

A couple of weeks ago I put into service a Vista x86 for Business system, starting from scratch, and while the first couple of hundred updates sailed through, almost as soon as I installed Service Pack 2 the process of finding updates got as slow as molasses. Installing the updates listed in that post brought WU back to a normal speed.

Once you do that, you should be able to find and install updates newer than 2016 without much trouble.

I would then refer you to this other MS Answers thread, which lists certain post-EOL patches released for Vista that will not be available via WU.

Once you’re done with these patches, you might want to consider bringing your Vista laptop closer to current by applying updates for Server 2008. But first things first.

1 user thanked author for this post.

Sorry for the late reply. I followed your recommendations and was able to download 77 updates from MS after applying the five “speed up” patches. I then installed the five Shadow Brokers exploits patches. Everything went smooth! Thank you very much!

1 user thanked author for this post.

Now about those Server 2008 patches. There is an excellent, ongoing discussion of the topic over on MSFN, where they maintain an updated archive of x86 and x64 patches here.

The thread is lengthy but doable, and I recommend following the twists and turns before moving ahead to install anything.

The patches are (of course) not guaranteed to work on a Vista system. In my experience, most of them work, but a few have led to black screens, BSODs, and assorted other inconveniences. So making system images and ensuring that System Restore is enabled are imperative prior to installing Server 2008 patches. In my case, I’ve been able to recover from the minority of patches that caused trouble by using System Restore.

Also, oddly, my Vista laptop has successfully accepted every Server 2008 patch that I’ve thrown its way, including the cumulative rollups that began last September; while my Vista x64 tower and Vista for Business x32 tower have encountered multiple difficulties and the rollups won’t install on them. However, the IE9 and .NET Framework updates continue to install fine. All I can think of to account for the issue is that the laptop is using its integrated Intel display driver, while the two towers have discrete graphics cards (both of them by nVidia) and somehow the cards’ presence could be leading to the black screens.

Once again, sorry for the late reply I got sidetracked with an Acer TravelMate 300 XP SP3 tune up. What a nightmare. I managed to get the XP fully patched but ran into problems when trying to fool Update to think it was XP SP3 embedded (POSReady) with a registry hack in order to get more recent updates. Windows Update downloaded 130 patches, but failed to install. No code given, but said to see install history (not available in XP). I tried to undo the hack but nothing, even going back to a previous restore point, helped. So I just turned off automatic updates. The laptop is also saddled with MSSE which won’t update and can’t be uninstalled, so I just added the legacy Malwarebytes v3.51 (which found 14 PUPs), so obviously the machine has been attacked. Don’t know what else I can do for it. I installed the last browsers; Chrome 49, Firefox ESR52, and IE 8.

Now, back to the Vista machine. When I told the customer she owed me $60 for what I had already done, she didn’t want to spend any more so I’m not going forward with the Server 2008 patches. I have already spent way too much time and effort for the $60.

I would like to thank you very much for the assistance you have offered. I would not reject any suggestions on the XP either.

3 users thanked author for this post.

Just did the May updates on my laptop – Win 7 Home, Group A. All seems fine, though a bit sluggish. I haven’t seen any issues. Will restart again and see if all remains well. If it is, I’m going to go ahead on my desktop – also Win 7 Home, Group A. Fingers crossed!

2 users thanked author for this post.

Hello LHiggins, Two things I do with every MS update session is to Reboot SEVERAL times and let it sit for several minutes. On the last reboot to go to the desktop and let it sit 45 to 60 minutes to “Process Idle Tasks” and let the trusted installer (as per PKCano) run if needed.

It takes at least 20 minutes for the computer to realize you are not using it. If you notice the hard drive light flashing after that, it is “Process Idle Tasks”. Leave it alone (and not go to sleep) until the drive light stops flashing wildly, then reboot again since part of the “Process Idle Tasks” is to reorganize the startup file order.

A more precise way of seeing if Window Updates have completed their mission is by opening the task manager, and checking CPU usage after the first reboot, and waiting until it drops below 10% before doing anything else. Rebooting again, before that, simply interrupts the process.

I’m not sure why you would be doing multiple reboots for updates routinely?

Non-techy Win 10 Pro and Linux Mint experimenter

4 users thanked author for this post.

Hello Elly, nice to talk to you again. Elly your idea is a good one of looking to see if any behind the scenes ‘Idle Tasks” are presently running. For the last few years I and others I deal with will install the MS patches one-by-one, with a reboot after each. I notice my computer runs odd after MOST of these MS updates. I then reboot the computer 2, 3 or more times until is seems to act more normal. I had one poster disagree and say this will all happen eventually with time. Yes, that is true, but I want my computer running properly “right now” (in 20 to 45 min) not in a few days.

The other reason for the reboots is that the computer forces processes (install processes) to end/finalize and get written to disk, forces the registry to write to disk (hopefully before a blue screen happens) and recover normal operation faster. The 45 minute sit idle finishes any leftovers.

3 users thanked author for this post.

Hello again LHiggins, the “rest” or idling afterwards is good. One item I forgot to mention was this month also has .NETs to install. Whenever a .NET is updated or installed, it then needs to run MSCORSVW to rebuild or consolidate the .NET image. his takes time and even though MS says it is transparent, one can feel the sluggishness it produces.

5 users thanked author for this post.

What I have noticed on both of my win 7 machines after the May updates is that they are both running SearchProtocolHost.exe for a long period of time – seemingly indexing every file on the computer! Is that a part of what this update should do? After about 2 hours, I did have to let both sleep, but it started right up again when I woke them this morning. Does that mean it starts over each time or does it pick up from where it left off?

Is there a solution to that long run time? I also did see MSCORSVW running on my laptop, but I don’t recall it on the desktop.

Any suggestions on getting that SearchProtocolHost.exe to stop running would be appreciated.

3 users thanked author for this post.

Thanks for the link and information. It seems to have settled down on both computers – it runs, but nothing like yesterday! Could it have been re-indexing everything after the MS Updates?

A question – I had read that I can change the indexing options so that it doesn’t index everything. Is that a good idea? There are probably files and folders that I never search that might not need to be indexed.

Or turn it off completely? Would I want to do that? This is Win 7, and other than after the updates yesterday, I didn’t really notice if it was running a lot or not.

To tell the truth, until this latest update I really didn’t notice this search indexing running so much. I generally keep track of my memory usage with system monitor, but it was when I was looking at the actual disk activity that I noticed the many many files that were being indexed by searchprotocolhost.exe. I’ll have to pay closer attention when I restart from now on to see what it is doing.

On my laptop, the memory usage is usually between 60-70% but the CPU isn’t usually very high – 10-15% depending on what is running.

On the desktop, memory usage is generally between 15-20%, and CPU is pretty low unless something is actually running – right now, 0-1% while it is “idling”.

Do those sound OK?

I’ll take a look at the article, too and see if that might help. Thanks again!

Hello LHiggins, Hope things are going better for you. ” Could it have been re-indexing everything after the MS Updates?” Possibly. I am not an indexing expert. Like I said we have it off on some computers and left alone on the ones that didn’t give us any troubles. I would leave it on if you can. Someone like NOELC might want to comment.

“A question – I had read that I can change the indexing options so that it doesn’t index everything. Is that a good idea?”. Again it is up to you on how you use your computer. How often do you have it look for a file? If you very seldom have it look then maybe turning off or adjusting the indexing to suit you would be better. If you do search for files regularly, then maybe the defaults are best. See,https://www.howtogeek.com/272158/how-to-choose-which-files-windows-search-indexes-on-your-pc/

“On my laptop, the memory usage is usually between 60-70% but the CPU isn’t usually very high – 10-15% depending on what is running.” This appears to be straining. If you could add ore RAM that would help. 10-15% is OK if something is actually running you want. If it is always hovering at 10% then why? It should go to 1-2% when truly idle.

“On the desktop, memory usage is generally between 15-20%, and CPU is pretty low unless something is actually running – right now, 0-1% while it is “idling”. This sounds very good.

Windows 7 Group B

1 user thanked author for this post.

I agree that the laptop seems to be overworking. It has 4gb RAM and I was thinking of adding another 4 – that should help things a bit. There does seem to be a lot running in the background – I’ll need to really take a look and see what I might want to change.

Things are better as far as the desktop. I guess next time I update, I’ll be sure to let it finish its work before doing anything, and also check to see if that odd indexing behavior happens again.

2 users thanked author for this post.

I was curious if there is a lounge thread on how people are going about disabling remote desktop. So far i’ve disabled remote desktop services within services and i always have the option ‘allow remote assistance connections to this computer’ unchecked.

1 user thanked author for this post.

Another is to go to services.msc and go down to Remote Desktop Services and disable that services (be careful!) and any others that deals with remotely accessing your computer, such as Remote Registry.

While you are there if you are on Windows 7, do you need to have error reports? If you feel you don’t consider disabling “Windows Error Reporting”.

Do not disable services unless you researched them first. A service may be needed but look bad to you in its name.

Hope this helps.

3 users thanked author for this post.

Win 7 Pro x64, Group B. Did the SO as instructed, IE11 and SO .Net 4.6.1, then fired up WU and hid the rollups and updated Defender and two Office 2010 updates before shutting off WU again. Nothing is smoking. Suppose I should be grateful for small mercies…

3 users thanked author for this post.

I have RDP turned more or less permanently off (except when I need to swap files between it and my Mac) and, with the alternatives to Windows I have obtained already as a precaution (and, with no known evidence to the contrary, I must assume they are OK already after their very recent patching — cross my fingers), given the near-future EOL of Windows 7, I am also keeping my home Windows PC off the Internet for a few more days, to have some time to see how things develop. But, with the limited information available, what is the best way to ensure safety within any given situation (users of home, small business or corporate computers) still cannot be decided based on the still not entirely clear information available from MS (something that Woody has pointed out in one of his entries here). So, good luck to all of us!

1 user thanked author for this post.

Windows 7 64-bit, Group A. Updated and all seems OK (so far…) But — as now seems to happen more months than not — Windows Media Player has to be re-configured. An annoyance, but a minor one since all options/settings are retained except for how often to check for updates.

1 user thanked author for this post.

I installed kb4499406, kb4499164 and kb890830 and all went well. Came over here to post, clicked on the main title and the running conversation was no where to be seen. Clicked on recent replies and all could be seen. Anyone else have that surprise?

Windows 7 Home Premium x64 AMD Group A Realtek PCLe GBE Family Controller

Getting the same issue, I thought it was just me. Clicking on a news item on the front page up until yesterday used to bring up a page with the entire thread. Is removing this feature intentional to push us onto the “Comment on the AskWoody Lounge” link as PKCano suggested?

4 users thanked author for this post.

I have around 40 windows 7 machines that I’ll be pushing KB4499164. If I run into anything I’ll let you know. All the other May updates are on hold except for the flash updates. I still need to take a closer look at the .net patch with the issue. I’ll give that a couple days to see if any problems are reported.

3 users thanked author for this post.

That pciclearstalecache.exe is showing up again and really I downloaded and ran that by accident twice when trying to install the May 2019 secrity only Windows 7 patch(Kb4499175).

How about Microsoft you include some spaces between that download and the actual security update as they were are listed so close with no spaces inbetween them and I could have accidently clicked on the update without first clicking on the pciclearstalecache.exe option!

Your Standalone installer packages need to have more messages that inform the user if the installer is auto setting a new restore point before installing any update done via the update catalog/standalone installer. I always manually create a restore point before each individual standalone update just to be safe.

Also are there going to be any more updates of the windows updating/servicing stack(SSU) subsystems that have to be applied that are similar to servicing stack update KB4490628.

Some folks need some whitespace between individual downloads if the standalone installer package is delivering more than the just the individual KB and May 2019’s came with that pciclearstalecache.exe and the Kb4499175 update. Microsoft some folks have bad eyesight so seperate the individual .exe and KBs/whatever choices by double spacing the individual entries.

That CVE-2019-0708 ‘Wormable’ Flaw is actively exploited for things to go to DEFCON 3 for windows 7. But I’m not noticing any issues currently with the May 2019 KBs so my other backup laptops(All windows 7) can wait a while longer as they only go online for new window updates mostly then its back to storage until the next round of KBs the following month…(Until Jan 2020). Even XP is getting some late love from MS for that one also.

1 user thanked author for this post.

The MS information page for the Win7 monthly rollup KB4499164 is reporting problems with McAfee.

You know, I’ve been thinking about the different AV not playing nice with Windows 7 rollups, updates, etc. ie last month’s AV that were having issues, and now McAfee….
I have MSE for my AV and so far, knock on wood, no problems.
It would be interesting to find out if anyone with MSE is having issues.
My money is on “no” they are not.
Having said that,
Is MS messing with all the other AV’s that run Windows 7 because they don’t want them to work anymore with Windows 7?
I’m on the fence about continuing to keep W7 after EOL but was wondering what AV I could use.
TBH, I don’t really trust MS with anything Windows 7.
My RDP has always been off.
I think I’m going to hold off a couple of days and stay tuned here to see what issues may or may not be reported.
Years ago when I had XP and they wanted people to upgrade,
I always felt that an update is what bricked my computer.
I’m feeling this is a dejavu.

Patching as Group B, installed May 2019 Security Only and IE patches, no issues. Single reboot after each. Installed .NET updates via WU, no issue (required reboot). Office 2010 patches and MSRT installed via WU. Sitting at a walnut desk with knuckles knocking on wood, no issues so far after 2 hours. The installs seemed to take the standard amount of time. No flash of a CMD window from the pciclearstalecache.exe part, but that had been installed before.

I see no loss of performance at this time.

Hope this helps.

I intend to install the XP patch from the Catalog on the offline XP machine just in case I go online, but for now it remains offlime.

(BTW, heckuva time for one of my backup drives to act goofy…but you all know the label on the machinery hatch cover: “In order to ensure malfunction, set clamps on all hatches, seal tightly, connect all cables, and start process.” Or, “Whaddya mean, we have no flaps??“)

Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode."
--"A committee is the only known form of life that has at least six legs and no brain."

-Robert Heinlein

2 users thanked author for this post.

The last time I pushed ahead and updated my home computer first was during the March 2018 update disaster, where I ended up having to uninstall the March patches before I could install the April ones. My employer did the right thing and bypassed the March updates entirely.

I suggest that if you don’t NEED it, just don’t expose your Remote Desktop interface to the world wide web.

Just disable it (you may never have ENabled it; it’s not enabled by default). This is from memory: Right-click on My Computer, choose Properties, Advanced system settings, Remote tab. Look in the Remote Desktop section.

Home router between your system and the internet? Great! That’s an extra layer of protection since it normally – unless you’ve reconfigured it – will block incoming connection requests from reaching your computer. With almost all NAT type routers, you’d have to set it to pass ports through or set your whole computer to be in the DMZ in order for connection attempts to reach your computers on the LAN side at all. Don’t do that!

There is something called Remote Assistance that is by default enabled (on Windows 7 Home Premium, at least.) I believe that still works using RDP. It should also likely be turned off. (It is found in the same place you described, under the Advanced System Settings > Remote Access.)

That said, I was curious why being behind a NAT was not being mentioned. I could not figure out how something was supposed to get in that isn’t a part of my network. Unless there is some way to exploit this by my going to a webpage (or otherwise making an outbound connection), I don’t see how it could get in.

3 users thanked author for this post.

I, too, noticed the “Remote Assistance” section and am using Win7 PRO. It was set to ENABLED by default. I have just Disabled it now. Also verified I had set the Remote Desktop section to “Don’t allow connections to this computer” some time in the past and will leave it set to that. Then I had to hit the “Apply” button at bottom of the Remote Tab to make it all take effect.

2 users thanked author for this post.

Installed Rollup KB4499164, Office 2010 KB4464567, MSRT KB890830, .NET Framework KB4499406. I always keep “give me recommended updates the same way I receive important updates” UNCHECKED. My Win7 machine is sitting at a nice idle with Norton performance tasks running in the background. After updating I let it sit for about an hour then ran a few programs, got on some websites I frequently visit, and it all seems to be holding steady with Chrome and common tasks. Haven’t noticed any slowdown after shutting down and powering up again a couple of times. So far it’s all good, thanks Woody, PK, for guidance, and to everyone who piped in with results and feedback. You all make this site a lifesaver for IT types, home users like myself, and companies operating on trust and efficiency. You’re the best!

2 users thanked author for this post.

I installed the two msu’s today (with the new pciclearstalecache .EXE file in the same folder), and so far everything seems to be fine.

I went to Services and found that both Remote Desktop Configuration and Remote Desktop Services were set to Manual — so if they’re both Disabled by default, and I had to guess, I’d guess maybe those settings got changed a few years ago when I let Norton support take over my PC.

In any case, I’ve now changed the Startup Type for both services to Disabled.

As far as I can tell, no. However, it seems unlikely that Vista is unaffected.

For now, I would personally suggest at least disabling Remote connections by following Noel Carboni’s instructions. Right click on My Computer, choose properties, click Advanced Properties, and go to the Remote tab. Make sure any options you see in there are disabled.

You may also want to run services.msc and makes sure that anything that mentions Remote Desktop, RDP, or Terminal Services is not currently running, and is set to either Manual or Disabled. This should be the case after turning off the above options, but it’s worth a quick check. (Don’t mess with anything else! And if you’re at all confused, just look, don’t touch.)

I would hope that Microsoft would also release a fix for Vista or clarify that it is not affected.

Because Server 2008 is affected and Server 2008 is based on the Vista kernel, it is highly likely that Vista is also affected. I was able to manually install the Server 2008 security only update on my Vista system, even though Microsoft has not said a word about Vista.

If you have remote desktop turned off on Windows 7 (Allow Remote Assistance connections to this computer is UNCHECKED) is this enough to fix THIS ONLY: “CVE-2019-0708 Remote Desktop Services Remote Code Execution Vulnerability” without installing any patch?

First time I’ve ever posted although I’ve been reading the various incarnations of the newsletter since about 1997/98. Anyway, FWIW, I was able to install the Win 7 rollup and Net rollup and everything seems to be working fine. I have Win 7 Home Premium. The Net rollup took a few tries (got error 80070020). Googled the error then followed a recommendation to install in safe mode with networking, which didn’t work. I tried it one more time normally and it worked that time. My version of Office is too old so I don’t get those updates.

Edit: Removed HTML

2 users thanked author for this post.

KB4499164, KB4499406 & KB890830 downloaded and installed slick and quick with a shiny new SSD on a 5 year old ZBook. As is my customary practice, patches applied/rebooted individually. All tickety-boo so far. Thanks Woody and all the MVP’s for the timely heads up. Win 7 Pro, x64 SP1, i-7core “Haswell” Grp. A.

2 users thanked author for this post.

Decided to do an experiment on one of my old machines used by my father (AMD FX-8320 CPU / 880G motherboard) to see if the 2019 updates cause any problems, and to familiarize myself with the procedure if I decide I need to patch my Windows 7 systems.

The system was patched to December 2018 level, Group B style. I installed the 2019 updates on that machine in the following order :

The system so far seems to run without problems. Will continue to monitor. If necessary I can revert to the December 2018 image using Acronis True Image.

As for my other systems, they are running both Windows 7 and Windows 8.1 (and MacOS Sierra / High Sierra), and I can use Windows 8.1 at this time while monitoring for any problems associated with the May 2019 updates. Will continue to wait until I decide it is time to patch.

1 user thanked author for this post.

Did you include pciclearstalecache.exe alongside the May updates Security Only and IE 11 Cumulative?

Yes, I did. However, I watched carefully when the KB4499175 update was installing, and did not see that “flash” (even though both files are in the same folder), which I took to mean that that thing did not launch. So before I rebooted the system I ran it myself, then restarted the system.

2 users thanked author for this post.

@woody not sure what your advice is for Vista users but some folks here have asked about Vista concerning CVE-2019-0708. Found info on BornCity posted yesterday, https://borncity.com/win/2019/05/15/critical-update-for-windows-xp-up-to-windows-7-may-2019/
Noted as follows – “For Windows versions that have already dropped out of support, the user must download the update himself. Users of Windows Vista can download the updates (Monthly Rollup or Security Online) of Windows Server 2008 from the Update Catalog and install them manually.”

2 users thanked author for this post.

If you have any Windows 7, 2008 or 2008 R2 devices that require Remote Desktop functionality to be enabled but can’t be updated, at least enable the Network Level Authentication (NLA) workaround. You only need to set a single policy for this to be active immediately. This policy forces authentication to be succesful before the vulnerability can be exploited.

1 user thanked author for this post.

For me it also worked to manually install the Server 2008 security only update (KB4499180) from the catalog on my Vista x86 system. The rollup (KB4499149) did not work, it got stuck at 50% when updating. I have not seen any issues, and will report when I do start seeing them.

I am usually quite hesitant to install updates from another OS. I tried this for the first time when Vista went EOL. I then installed Server 2008 updates for 2 consecutive months, but in the second month Outlook stopped working. I could reproduce that the Server 2008 updates were the cause for this, so I stopped patching Vista with Server 2008 updates, restored an image from right after Vista went EOL and have barely used the system since. I will still upgrade to Windows 7 and then Windows 10, that is why I keep the system alive. If I browse the internet I open a remote desktop to a Windows 7 machine and browse on that one.

I do not know. I did find that the rollups for Server 2008 started somewhere in 2018, but I could not find if older updates are also included. I assume they do not include all updates since Vista went EOL, because that was April 2017. But I did want to try the rollup and as you’ve read it failed. If it was successful I would have had more security updates than just the May 2019 one.

I completely agree, that is why I am usually hesitant to do this (see the example in my message above). But in this case with this bug it was worth the risk of finding out whether it would work. Like you, I have no clue why Microsoft has not issued a patch for Vista, nor why they did not mention Vista at all. I think making a patch available for Vista would be quite easy, as they have already made it for Server 2008 which, as I wrote, is based on the same kernel. The only reason I can think of they just did not bother, because the market share of Vista is probably ridiculously low (I have not checked it).

I have now tried to install KB4499180 for Server 2008 on my Vista Home Premium machine. It got part way into the updating process after restarting the computer but then produced a BSOD followed by a prompt to go into system repair mode, which restored things to their previous state (hopefully without any side effects). Be warned!

2 users thanked author for this post.

I am sorry to hear that. This is why I am usually reluctant to install updates from another OS. One’s mileage may vary. Your example shows how important it is to make a system image before installing Windows Updates, let alone experiment with updates from another OS. Only after restoring such an image does one have certainty that the state is exactly how it was before the update(s). Did you check that the update was indeed not present anymore?

I have now done a manual system restore to the point before the failed update, disabled remote desktop and put a specific block on TCP port 3389. Unless Microsoft issue a Vista-specific patch, that is as far as I can go with this one.

2 users thanked author for this post.

A bit more detail about the failed update on my Vista Home Premium desktop machine (which I have just repeated to remind myself of the point at which it crashed): post-restart stages 1 and 2 of the installation completed OK, but the stage 3 restart failed. A pleasing thing about what happened is that the computer recovered so smoothly after crashing. It has been many years since I last had a BSOD on this very reliable machine.

2 users thanked author for this post.

I took the plunge and just finished installing KB4499149, the Monthly Rollup for Server 2008 SP2, on my Vista Home Premium SP2 laptop. Everything seems to have gone well, tried opening a few programs and they all worked. Also installed the mysterious “pcicompatforserialnumber” .EXE file that came along with it, for which I couldn’t find any information.

FWIW, the installation order I chose was SSU, then pcicompatforserialnumber, and then finally KB4499149. A reboot was requested only after that last one.

While looking into these patches, I learned that monthly rollups for Server 2008 SP2 began in September 2018 and that each rollup includes every Windows patch that came before it, the same model as for Windows 7 Group A. Patching for Server 2008 SP2 ends in January 2020, just as for Windows 7.

1 user thanked author for this post.

OTOH, after working to perfection on the laptop, KB4499149 failed spectacularly on my Vista tower: upon reboot, the machine went into a black screen with just the mouse pointer in the center; nothing that I did brought a display into view. Startup Repair didn’t help, in fact it even claimed it couldn’t find an operating system!

Had to use a Windows installation disk to System Restore to just before the patch was applied. After booting successfully into Vista, a visit to the Windows Update history showed that KB4499149 had “Failed.”

1 user thanked author for this post.

Is there any difference in the way you’ve applied the KB4499149 Win Server 2008 patches on your Vista SP2 laptop (successful) and desktop (failure)? For example, you mentioned in post # 1659353 you applied the April 2019 Servicing Stack Update for Win Sever 2008 and pcicompatforserialnumber.exe file before KB4499149 installed successfully on your laptop. Is that the identical process you followed on the desktop, and have you applied other Win Server 2008 updates on either of these machines since extended support for Vista SP2 ended on 11-Apr-2019?

Pim stated in post # 1637517 that the KB4499149 (Monthly Rollup) failed on their Vista SP2 machine but that the KB4499180 (Security Only) update installed correctly. Does anyone know if there are different prerequisites for these two May 2019 patches?

I haven’t taken any action on my Vista SP2 machine yet except to confirm that Remote Assistance (Control Panel | System and Maintenance | System | Remote Settings) is disabled. I’m still hoping that Microsoft will release an out-of-band patch for this Remote Desktop Services vulnerability (known as Terminal Services in older OSs) that is specifically targeted for Vista SP2 in the next few days.
————-
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0

1 user thanked author for this post.

Yes, actually there was a difference in the way that I applied the patch to the laptop vs. the tower PC. @pkcanosuggested skipping the manual execution of pcicompatforserialnumber, and this sounded reasonable so I did it.

I doubt, though, that that made such a dramatic difference. Here’s another data point: after the failure of KB4499149, I proceeded to install the Server 2008 SP2 patches for August 2018. (My machine was previously patched up to July 2018. Also, note FWIW that I’m on a 64-bit system.) There are six patches in my folder for that month’s updates. The first one, KB4338380,when clicked on reported that it did not apply to my system. The next two patches , KB4340397 and KB4340939, installed and required reboots that went fine.

However, when I tried to install the Spectre/Meltdown patch KB4341832 and rebooted, the machine appeared to start loading Vista… and then entered into a black screen with just the mouse pointer showing. This is the same behavior observed when I tried to install KB4499149. I suspect that this, and not skipping the pcicompaforserialnumber, is the reason for the black screen.

This is a bit of a problem, because Microsoft began implementing the Rollup model the very next month, September 2018. Rollups, of course, include every patch that’s come before them–which means that they include KB4341832 which cannot be separated out, so I can’t install the rollups on this machine.

I haven’t tried the Security Only update for September (still working on the August patches), but if I understand it correctly the SO is not cumulative so it won’t contain the problem patch KB4341832. Bottom line is that I’ll have to install each month’s SO instead of being able to catch up all at once with the Monthly Rollup as I did with the laptop.

1 user thanked author for this post.

Today I tried to install KB4499180, KB4499149 having failed last week. The result was the same: after visibly attempting to boot, with those rolling bars on the splash screen, Vista ended up at a black screen. The power button was lit, but all it took to turn the power off was to press it once, briefly. (Recall that when a computer is properly booted, in order to power-cycle it you typically need to keep the power button pressed for several seconds.)

So it looks like this Vista tower will, for whatever reason, not accept any major Server 2008 updates beyond August 2018. It does seem to be taking IE9 and .NET Framework updates OK, but not “Vista” (Server 2008) updates. It will have to rely on the machine’s Internet invisibility (“stealth mode” as described by Steve Gibson) for protection from that Remote Desktop issue.

1 user thanked author for this post.

For Vista SP2 users who have experienced BSODs and other problems after installing a May 2019 Windows Server 2008 update (i.e., the KB4499149 Monthly Rollup or the KB4499180 Security Only update) to patch this Remote Desktop Services vulnerability (CVE-2019-0708), it might be worth noting that as of last month’s April 2019 Patch Tuesday the Windows Server 2008 patches will change the build number of Vista SP2 from build number from 6.0.6002.xxxxx (Build 2) to 6.0.6003.xxxxx (Build 3). This is a deliberate change by Microsoft – see the support article Build Number Changing to 6003 in Windows Server 2008 – but some users posting in Jody Thorton’s MSFN thread Server 2008 Updates on Windows Vista have noted that this change to build number 6.0.6003.xxxxx appears to be causing problems on their Vista SP2 systems.
————-
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0

2 users thanked author for this post.

Now that Microsoft has officially declared the Server 2008 security update to be Vista-compatible, I downloaded KB4499180 again (as well as servicing stack update KB4493730 for good measure). These updates installed successfully on my Vista Home Premium machine. Presumably Microsoft changed something in KB4499180 to ensure a successful Vista installation this time.

1 user thanked author for this post.

I installed KB4500331 to my XP home sp3 machine and now find Defender won’t update. Uninstalled the patch but no joy. Uninstalled Defender and reinstalled but still won’t update. Never had any issues with XP before this. ( The XP system is rarely used but this emergency patch has zapped Defender ). My win 7 & 8.1 machines can sit tight for now.

If you open the XP’s Windows Defender GUI, what is the date of the latest virus definitions that it managed to install?

I have an XP machine where the last Defender definitions are from April 12, which was last month’s Patch Tuesday and is also the date that Microsoft stopped issuing patches for XP POSReady systems. Both Defender and Windows Update on that machine can find the current definitions file and if prompted they try to install it, but the installation always fails. Manually downloading the mpas-fe.exe from the Update Catalog doesn’t do the trick, either.

@Cybertooth, After reinstalling Defender it has been sent back to 1.0.0.0 25/01/2006 and fails to update through the GUI (error code 0x80070643), Windows update, and with the manually downloaded mpas-fe.exe.

Before the latest patch KB4500331 was applied the defs were dated January 2019.

Win 7 updated with no problems so far and windows update on XP still works but Defender has bugged out.

1 user thanked author for this post.

I suspect that this doesn’t have to do with having installed KB4500331, but that it’s an unfortunate coincidence, in that Microsoft happened to stop offering Defender updates to XP as of April’s Patch Tuesday. I have a couple of XP systems, neither of which has that patch installed, and neither of them has successfully installed any Defender updates since last month.

1 user thanked author for this post.

Running Windows 7 Home, I installed the recommended monthly rollup update (4499164) and after that also the Windows tool for removal of harmful software (KB890830).

Then Windows wouldn’t shut down. Perhaps I didn’t wait long enough. I rebooted several times – some of the times a blue screen came. I could start up alright. Then I uninstalled the monthly rollup update. But the problem didn’t go away.

Luckily I did an image backup before the Windows update (with Macrium Reflect), so I may have to revert to that. Unless someone has a good idea? (I have read suggestions about this and haven’t tried them all).

1 user thanked author for this post.

No – I am not using McAfee. I’m using Malwarebytes Antimalware Premium. But thanks for the suggestion.

I went ahead and restored the whole disk (all partitions) from the Macrium Reflect image. But when starting up, I was met with this message:

error – unknown file system

Entering rescue mode

grub rescue >

Here I have to say I have a multiboot Linux system (Linux Mint 19.1). By using a “super grub2 boot” USB I was able to boot into Linux, and then do a couple of commands in a terminal to restore the boot menu. Then everything worked again!

But I find it strange that the image recovery didn’t also restore the old boot menu.

Looking forward to hearing when we can safely install the latest Windows Update to fix that worm vulnerability …

Hello again JustAsking. “Here I have to say I have a multiboot Linux system (Linux Mint 19.1). By using a “super grub2 boot” USB I was able to boot into Linux”. We have seen some odd situations with “dual-boot”. We have even seen a cross-over from one partition to another with using dual-boot and differing MS Windows Versions. To each their own. But we gave up on dual-boot years ago, and yes I know it has been around for decades. We have used “removeable drives’ for the last few years and that works fine. Just sayin’…

Thanks. In very old times they said dual boot were risky, and now you say the same. I have used not only dual boot but multi-boot for a long time, with Windows and different Linux versions (never with 2 Windows versions on the same computer). It has worked nicely up to now, and the grub fix also worked. The multiboot is used because I have a big SSD drive I want to make use of 😉

JustAsking, upon reading your post I saw Malwarebytes Premium mentioned. We have a computer using that and it appears to be beneficial. However, about once a year we run into an issue where the computer is causing a problem. After much investigation we turn off the background process of Malwarebytes. Problem gone. We then look at the Malwarebytes forum and people mention similar and there is a denial of it being Malwarebytes. After about a week a new version of Malwarebytes comes out and the problem is gone. This has happened MORE than once to us.

If you get an answer to your blue screen, please let us know what it was.

2 users thanked author for this post.

Yes, I have also had some problems with blue screens when running Malwarebytes, and corresponded with their support about it. It happens rarely, but now I know how to fix it every time.

It always happens during the scan of the memory. We could not determine the cause but I think I know it now. (See below). When it happens, we can usually reboot and run MB again without problems. Sometimes we can’t start MB, but then disabling all mbam* entries in the processes running (in Task manager) fixes that.

The reason we suspect is rather odd. Sometimes at odd moments I get the message in a big window that Windows(7) is not genuine. That is not true but caused by my moving (cloning) the system from the old (small) SSD drive to a new larger one (using Macrium Reflect). That means Windows thinks it’s a new machine. Seems I have to reinstall Windows to fix that but that’s rather troublesome, and I can live with the small problem. I prefer to make frequent full image backups (in Macrium Reflect) to fix all kinds of ‘unsolvable’ problems. I’ve other small problems with Windows, e.g. the system recovery doesn’t work, but can also live with that.

So we suspect that the blue screen happens if the message of “not genuine Windows” comes while MB is scanning the memory. Just a theory.

Good question @willygirl
There have been reports that McAfee is experiencing problems with updates in Win7 again this month. There may be lingering problems with Win7 updates and the AVs affected last month.

Start that and wait for it to finally open. Once it does click the button that says “clean up system files”. It will again recalculate and take a while to open. Once the box opens with items to clean, go for the temporary files, error files, internet cache, and “old MS updates and Previous Windows version OS” (some people are afraid of Disk Cleanup but it IS from MS and every Windows version has it). If you do run it, reboot afterwards.

Please note that there have been times that we have run Disk Cleanup, Windows update files, old Windows Versions and the reboot took up to 45 minutes to complete. Usually it is not that long, maybe 5 to 8 minutes, but we have seen 45 minutes!

We too, got worried but left it alone and finally made it to the Desktop.

Just reboot, sit back and wait. It is finalizing the cleanup at that moment and it does take time to complete.

Once that is done reboot and the FIRST thing you should do (after about 90 seconds) is install the MS patches. See if this helps. Please keep us posted on any results.

disabling rds and making sure that port 3389 is blocked from the internet are actually enough to avoid applying the patch. I guess i’m going to stay on the fence using this approach for now.

On a different note, I was thinking that KB4474419 was a prerequisite to obtain patches after march, but this month ones are being offered nonetheless. ( and if I instead just wrote an idiocy, sorry in advance)

Edit: HTML removal – Please use the ‘Text’ tab in the post entry box when you copy/paste

1 user thanked author for this post.

Windows 2003 and 2008 server updates and reboot went without a hitch last night except for Quest Desktop Authority script which needed to be resynced this morning.

Our Windows 7 desktops run updates in waves. Only a few in the first wave, I included, who are generally tolerant of issues. I pushed up the other waves, which I would normally not do this soon, to run last night at 3 am. Some did and some didn’t.

PC issues I’m working on today:

1) We use Quest Desktop Authority login/out scripting. Files on distribution servers became corrupt. Early birds who logged in got an error and no mapped drives. Resolved by resyncing to the distribution servers and sending a link to those users to click and run the script again.

3) On those computers who should have installed Windows Updates last night, this morning I can’t access Windows Updates on those computers to confirm. WU is red and clicking check for updates give this error, “Windows Update cannot currently check for updates, because the service is not running. You may need to restart your computer.” WU is running. Restarting doesn’t resolve it. On a test computer (she’s out today; lucky her), I troubleshooted by stopping WU service, renaming SoftwareDistribution folder, and restarting WU. Check for updates runs but shows a long list of 34 updates I know were already installed. Grr. I’m hoping there’s something different I can do to fix that issue instead.

Installed Win7 Home May updates 4499406, 4499164, Group A no issues. Installed separately, rebooted twice for each one. Avast Free and Malwarebytes Pro disabled for the updates. RDP disabled by default. Thanks, Woody.

2 users thanked author for this post.

Installed the May rollup KB4499164 on 2 Windows 7 x64 systems and so far no problems.

One system is Windows 7 Home Premium with Kaspersky and an old version of Malwarebytes; Malwarebytes wasn’t running while I installed the update. Let the machine sit for 30 minutes after the reboot and then turned Malwarebytes back on; so far everything seems to be OK.

The other system is Windows 7 Ultimate running Avast and the old version of Malwarebytes. Followed a similar procedure with it and everything seems to be running OK so far on that one, too.

Thanks to Woody and PKCano for the guidance and to everyone else posting here for all the helpful information. Good luck to everyone.

3 users thanked author for this post.

UPDATE: I’ve now seen one reliable report that there’s an RDP exploit in the wild. The attacks are said to come from China.

I’m serious, folks. If your machine is connected to the internet, you need to install this patch.

Ok, after reading this post from woody………
took a deep breath and installed the May rollup KB4499164
Did not install the .net kb4499406….(not that brave yet)
Did not install MSRT (haven’t for several months now) and hid it
Install went smoothly and having no issues.
I’m adding my internet connection to my info

2 users thanked author for this post.

KB4499164 and .Net monthly rollups installed successfully. I just wanted to clarify that it is no longer necessary to manually disable the two Remote Desktop services given the successful installation of the monthly rollup.

I also do not understand why the pci-clear-cache executable was removed from the monthly rollup starting with last month. I assume that Microsoft removed it for valid reasons, and that I probably don’t need to understand the rationale given that I am in Group A. Was it removed by Microsoft because the NIC error that occurred around March, 2018 had been resolved recently?

PS 2 Applied the RDP fix to an XP Virtual PC by downloading the fix as it was not available via Windows Update. That was a single file but the Win7 equivalent is 2 files. Do I still need to apply this and do I run both files, if so in what order:

I’m in Group B and have Windows 7, and installed the May updates My antivirus program tried to prevent me from installing the Office and .NET Framework updates with a message saying “cannot guarantee the authenticity of the domain to which encrypted connection is established” for the URL watson.microsoft.com. I ignored the warning and continued on with the installation. Did I do the right thing by ignoring the warning from my antivirus program?
Also, the update for Windows Defender KB915597 had to be installed a second time, even though the update history showed that the first installation was successful. Why would that happen?

If you downloaded the updates from the Microsoft Catalog they should be safe. You can also download them from AKB2000003 on this site. The links are direct download links to the Microsoft Catalog. Here is the link to AKB2000003 and the instructions for this month’s updates.

I am Win 7 x64 Group A: I successfully downloaded/installed the May rollup. I haven’t updated the.net framework for a few months: I have the .net patches in the hidden updates. Do I need to instal the previous .net patches before installing the May .net update, or can I just go ahead and download/instal the May .net update and skip installing the hidden .net updates.

Took Woody’s advice and went for it prior to the Def-Con baking cycle being fully completed for the “May” items.

Group A running Win7 PRO 32bit on an old Wolfdale version of Intel Core2 Duo in an HP dc7900 sff. I disabled my Norton Internet Security and then installed each of these one at a time and with about 45 minute wait after each install followed by a reboot. All went without any noticeable issues or sluggishness. Been back on the PC for about 2 hours without any hint of trouble.

1st on deck was the May RU KB4499164, followed by May .net KB4499406, and lastly the MSRT KB890830. After all these were completed, I reran the check for updates and found none (except for a couple optional that I ignored per standard protocol).

I ran the Disk Cleanup tools and then rebooted one last time after making sure TrustedInstaller was no longer showing in Task Manager.

1 user thanked author for this post.

FWIW, I’ve been using Norton, and manually installing Windows (and Office) updates, for many years, and I have never disabled Norton, and that’s never caused a problem. The risk of disabling the protection may be small, because you’re only disabling for a limited amount of time, but I’m inclined to think it’s a greater risk than the risk that not disabling Norton will somehow mess with the updates.

Don’t forget that Windows updates get installed automatically on most users’ PCs, so Norton clearly doesn’t get disabled when those updates are happening.

2 users thanked author for this post.

Thank you for your inputs! I have, except for this one instance, done as you indicate. I took a chance this time, but will likely go back to doing it as you say for my future updating. Grateful for your thoughts and I do agree that AV protection being active makes sense unless the gang starts noticing issues with NIS… Enjoy the weekend, All !

Windows 7 – 64 Home Premium with McAfee (home) Security Center provided by my ISP. I also have the latest Malwarebytes free. Group A.

I installed the cumulative and Net updates and the malware removal tool and haven’t had any problems including slowdowns.
—
As a side note: Askwoody.com has been a lot slower to load since the merger process and almost unreachable in the last day or two. But since the time the “test post” disappeared the load times have been quick. 🙂
-firemind.

1 user thanked author for this post.

On a “test bench” that I setup (AMD 990 motherboard / Phenom II X6 1090T), I tried to run the May 2019 Rollup KB4499164 (previously has the December 2018 Rollup KB4471318 installed) to patch the system, but I was presented with a message that said something like “This update was not installed”. I tried THREE times and was presented with this message every time.

I tried to install it from Windows Update twice, and again the installation failed with the 8000FFFF error message, every time.

Frustrated, I then turned to the Security-only updates and installed them in the order in this post, omitting the .NET updates this time. And this time all the security-only updates installed successfully.

Edit : Now that I think about it again, I have neglected to install the Servicing Stack update KB4490628, which probably may have prevented KB4499164 from installing. But when I attempted the installation from Windows Update I don’t remember seeing that update being offered in Windows Update. Maybe I have to try it again and see if this is the problem.

Hope for the best. Prepare for the worst.

1 user thanked author for this post.

Hello LHiggins, Two things I do with every MS update session is to Reboot SEVERAL times and let it sit for several minutes. On the last reboot to go to the desktop and let it sit 45 to 60 minutes to “Process Idle Tasks” and let the trusted installer (as per PKCano) run if needed.

It takes at least 20 minutes for the computer to realize you are not using it. If you notice the hard drive light flashing after that, it is “Process Idle Tasks”. Leave it alone (and not go to sleep) until the drive light stops flashing wildly, then reboot again since part of the “Process Idle Tasks” is to reorganize the startup file order.

Hope this helps.

Windows 7 Group B

I disagree, and I disagree with with the last sentence in your last full paragraph. Windows bootup is divided into four stages. Everything which loads when Windows boots, loads under one of the following four sequences:

StartType=0x0 ; SERVICE_BOOT_START 0x00000000 (Anything set to 0x0 loads instantly after the kernel loads. OS uptime is the instant when the kernel loads.)

StartType=0x1 ; SERVICE_SYSTEM_START 0x00000001 (Low level drivers including AV drivers and backup utility drivers. These load immediately after all 0x0 has completed, and usually have completed loading during the first minute after zero OS uptime.)

StartType=0x3 ; SERVICE_DEMAND_START 0x00000003 (More stuff, such as programs which check for updates, Windows Update, or programs which you have chosen to launch via Startup. These usually have completed loading within 10 minutes of zero OS uptime.)

The upshot is that, unless there is something seriously wrong with your computer, then after 15 minutes, Windows 7 should be fully booted up and should be in a stable state with the hard drive activity LED flashing once per second.

Yet there is one thing which could possibly affect achieving this stable state: the Windows Disk Defragmenter. This bad puppy, if not correctly configured, can kick in after the 0x2 and 0x3 startup stages to cause a royal mess in terms the Win7 OS achieving a stable state within 15 minutes of OS bootup. My preference is to disable Disk Defragmenter in Task Scheduler and to instead manually run it when I choose to do so.

I’m running Microsoft Windows 7 Professional, Version 6.1.7601 Service Pack 1 Build 7601
System Type x64-based PC. With Microsoft Security Essentials automatically updated daily.
I did a full backup the other night, then ran the update yesterday afternoon. It installed:

After I restarted the computer, I got the message that I installed new updates. Then I got another message: I had no internet connection. I ran the troubleshooter and it told me I had no Ethernet connection because I had no driver. And it couldn’t find any driver or solution.

Assuming that you got your Ethernet driver back following the System Restore (since you were able to post here), you might try installing each of those three patches separately (install/reboot, install/reboot, install/reboot) so as to isolate the problem patch.

Intel(R) Core(TM) i7-2600 CPU That is a good one I7.
Intel(R) HD Graphics OK that is good but what model. Driver Version 9.17.10.3517 nice.

Go to Control Panel, System, Device Manager.
Under Display Driver it should say Intel with more info on its name/model.
Under Network Adapters what is the name(s) there?? There may be one for wireless and one for wired. If so which are you using?

Thanks.

1 user thanked author for this post.

Last year, many folks were having the exact problem you are with their networking cards after installing the monthly rollups for Windows 7…no network card functionality. So, Microsoft published some advice to help those folks out of their tight situation. I copied and pasted it last year in the event it happened to me, so here it is below, word for word in two separate “paragraphs”:

To locate the network device, launch devmgmt.msc (the Device Manager from Control panel as described in the other anonymous’ post just above this one); the network card may appear under Other Devices. To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.

a. Alternatively, install the drivers for the network device by right-clicking the device and choosing Update. Then choose “Search
automatically for updated driver software” or “Browse my computer for driver software”.

The steps above are written from the viewpoint of having already installed the monthly rollup and having no network card functionality as a result, so you’ll have to install the rollup first.

For the first quoted paragraph above, I added some wording for clarity’s sake.

Either one of us can help you through re-enabling your networking card, so feel free to ask, especially if you feel you’ve gotten in over your head.

Another good idea would be to start a new thread to be able to fully troubleshoot this issue, as we’re getting off topic for this one.

1 user thanked author for this post.

Morty, anonymous 1686536 “6536” here, You have several helping you now.

anonymous 1692108 “2108” Thank you for that information. I had not made it that far, but remembered “this happened last year.” That is good data and since it happened to you you are familiar with it. My NICs didn’t have any issues last year.

1 user thanked author for this post.

Made the update of the monthly rollup for Windows 7 – KB4499164. (Waiting with the NET opdate). Did the monthly update tool for removal of malware first separately (KB890830).

All went well. There was a pretty long closing time (perhaps 5-10 minutes) after the installation. Next reboot went smoothly.

My troubles previously perhaps were related to the fact that being impatient I reset the machine before it had finished closing second time (there was no message “Don’t shut down the computer” as there was during installation). Anybody agrees with this? (Just to recapitulate the former troubles: the multiboot system (grub) was disturbed resulting in not being able to boot anything).

5 users thanked author for this post.

Hello JustAsking, your anonymous buddy from above. I must say I agree with PKCano. There do seem to be times that Windows is stumbling around with the hard drive light flashing wildly, yet no mention to wait. I, SueW and others will wait for a few minutes if needed for that drive light to settle down before we click restart. I always install one-by-one and reboot after each patch. After the last patch installs (you are finished), let the computer sit an hour and not go to sleep so the idle tasks, and .NET MscorsVW compiler can run or you might have an annoyingly sluggish computer.

Windows 7 Group B

Edited a section to prevent confusion.

1 user thanked author for this post.

Sorry to have too ask, but I cannot find “pciclearstalecache” in the places where I have looked: the MS Catalog (I expected to be in the same place as the Security Only update, but found only the .msu file there.)

I tried searching for it in the MS site, but got the message that there were NO entries on that subject. Probably there was some problem because I entered “pciclearstalecache” (without the capitals that I could not remember where they went, and after also trying it as above but with”.exe”) as the objective of the search).

Looked up the April Win 7 updates on “gehacks”, but found nothing there about where that file might be. Their only links were to the Catalog page for Win 7 I had already visited without success.

So some help finding this item will be sincerely appreciated. My thanks to you for this in advance.

Attachments:

1 user thanked author for this post.

This is very strange. Both the .msu and the .exe files have shown up together just now, when I looked again for the Security Only, by typing KB4499175 in Google’s search field and got, again the page of the Catalog for the Sec. Only and then clicked on the “download” button for the Win 7, x64 patch there.

Sorry I did not take screen shots when I looked earlier for this update in the Catalog, because, believe it or not, it only showed the .msu. And when I clicked on the link in AKB2000003, I only got the .msu downloaded. Believe it or not. Cross my heart and hope I die. One more of life’s little mysteries?

1 user thanked author for this post.

I run Windows 7 Pro (64 bit) SP1. All the post in this thread (for the new patch) refer to disabling Remote Desktop.

I can find no such file on my computer. What I do find is RemoteApp and Desktop Connections, which according to Windows Help…”is a feature in this version of Windows that you can use to access programs and desktops (remote computers and virtual computers) published for you by your workplace network administrator.”

Thanks. I made the change and UNchecked Allow Remote Assistance. What was strange was before I posted, on Control Panel->All Control Panel Items->Remote App and Desktop Connections, it said that there were currently no connections available on this computer, which I took to mean that none were set up.

I had reported on May 15th that I had installed the May 2019 Group B security patches (See post #1629184).

Today I ran the Belarc Advisor and it reports that I am missing the February 2019 monthly Security Only Patch (KB4486564) for Windows 7-64Pro_SP1.

I know I had installed that patch in very late February. I checked my WU installation history and it said it was successfully installed on February 27. I checked the WU installed updates list, and it is not present. I did a search by KB number and it is not present.

I attempted to reinstall it and it said the update was not applicable to my system.

Question: Is this a supercedence issue? Or did a subsequent May 2019 patch remove and/or replace the February 2019 Security Only Monthly (KB4486564) patch? The package details tab in the Catalog for the May 2019 Security Only patch does not have it replacing the February 2019 KB number.

1 user thanked author for this post.

BillC, that is an odd situation. Like PKC said could you had the wrong bit or maybe “embedded” version of update by mistake? I do have both the history and installed KB4486564 in my Windows 7.

I did see where a person at reddit with a 2008 server had a similar issue and part of his solution was to make sure he had the new version of Windows Update Agent. Are you up to date on your WU (windows update) and SSU (servicing stack update)?

1 user thanked author for this post.

It was the correct version for Win7-64: 2019-02 Security Only Quality Update for Windows 7 for x64-based Systems (KB4486564) or exact file name of (windows6.1-kb4486564-x64_ad686ee44cfd554e461c55d1975d377b68af5eca.msu)

I just re-downloaded the February 2019 SO patch and compared the full file name, and the file size with my archived version and it is identical. I maintain an archive of every SO patch since the new patching system started. I will try to install again using the new version, but expect the same result. This is a new patching wrinkle for me.

I am using the most current Servicing Stack Update with the SHA-2 capability.

Update: Here is a screenshot of the exact notice that the attempted install gives:

Attachments:

Don’t keep messing with this one. It’s clearly a matter of supersedence. It cannot be applied after the April 2019 one. Also, disk cleanup removes it. This has happened before with the January 2017 Security-Only update.

2 users thanked author for this post.

I tried once to re-install, so that is it. I am not one to really tinker with a glitch if it not having a negative effect.

I also remember one back in 2018 where the original SO (and rollup) patch was buggy and then MS released an out of band replacement(s). I installed the replacement and that time Belarc showed the original as missing for months, and then suddenly it did not.

First let me say, that I have become exhaustively tired of having to hold my breath every month for the last couple of years, when it’s time to monthly Windows 7 update. And constantly expecting an explosion of either epic proportions (the total loss of Windows due to a non-working system backup), which happened, or a BSOD, of course it happened. I think I have lost at least 5 years of my life with the MMWW (Monthly Microsoft Windows Worries). However, I still remain a proud Windows 7 Home Premium 64 bit SP 1 Intel Core i5 520UM Arrandale 32nm Group B owner & user.

Well, after reading hints and tips from the people in the know on this sight, like disabling the Remote Desktop & Remote Configuration, disabling the disk defragmenter, my antivirus is not one of the problem ones, though I made sure it was totally updated, and I am using the GWX Control Panel Monitor. I bit the bullet last night, and using SueW’s excellent how-to update list for May (thank you SueW! I really do look forward to your lists!), I downloaded Updates KB4499175, pciclearstalecache, and KB4498206, placed them in a folder created on desktop. I had a minor problem with the KB4499175 installation. It always takes only 3-4 minutes to install the SO update. Usually within seconds, the percentage of completion message pops up (from 7% to 30%) with the message, ‘Please don’t shut off computer’. There was no % message. Period. I waited 1/2 hour. The only message was ‘Configuring download… Please down shut off computer’. Finally after 30 minutes I did shut down computer, waited 15 minutes, turned it back on, and the same message appeared on the desktop, but the percentage crept up to 30%, as usual, the computer shut down, and the desktop appeared normally. Yeah!! I waited 1/2 hour, installed KB4498206 without incident, waited another 1/2 hour, then checked Windows update. I don’t have Office and don’t use Microsoft Security Essentials, so I hid that, and just installed NET Framework (KB4499406), rebooted and waited 1/2 hour. As of this moment, everything is working well.

Thanks again so much to SueW, Elly, Woody, PKCano, and so many others who have made this possible nightmare into just a bad dream.

2 users thanked author for this post.

Hi anon, I’m glad you were successful despite having to hold your breath.

May’s SO update (KB4999175) was 100 mb in size; it’s usually been about half that size in previous months. So that might have been the cause of a longer than usual installation time.

Do you actually shut down your computer, or do you click on ‘Restart’ in the Windows Update box and let Windows do its thing? If you’re shutting down your computer, then I would think that any processes in progress would also be shutdown (prematurely?), and then when you turn your computer back on, those processes would resume.

Since I’ve been following the “Group B” instructions, I first download both the SO and IE Updates, and then I always install the Security Only Update first, then I install the IE Cumulative Update next, and then I click on ‘Restart’ to let Windows reboot my computer. (I know that others install each Update separately, ‘Restarting’ in between.)

I just wonder if shutting down your computer and then turning it back on might have led to the delay(s) that you encountered.

Thank you for reporting your results — I’m glad everything is working well.

I click on ‘Restart’ in the Windows Update box after installing the SO update, wait 15 minutes and then install IE update & again click on ‘Restart’ wait 15 minutes. In the past, I tried once installing them both, the SO then the IE Cumulative, and then clicking ‘Restart’, but it didn’t work (received error message). So for the last 6 months or so I install each Update separately, ‘Restarting’ in between. The only time I’ve ever completely shut down the computer during an installation was last night when there was no percentage processing message for the 1/2 hour. I pressed the shutdown button, waited another 1/2 hour then turned it on. It went to the desktop, and began showing the proper processing message. This afternoon, turning it on, everything seems to be working properly, except that I had to reconfigure my media player. No biggy!
Thank you again so much for showing concern. Both you and so many other people on ‘Ask woody’ are genuinely caring individuals.

2 users thanked author for this post.

Under Display Driver it should say Intel with more info on its name/model. Under Network Adapters what is the name(s) there?? There may be one for wireless and one for wired. If so which are you using?

Morty, anonymous “6536” here. anonymous “2108” may have a solid solution, look into what he said. Below are some items I found. One is about this happening last year and the fix MS had at that time.

I know getting online is most important, but if you wish to update your NIC drivers see below the comments of the previous patch event to the Intel and MS driver suggestions. Do what you feel best with.

This happened back in March/April of 2018. Below was the fix at that time.

I had wanted to update my Windows 10 Home, 64 bit, HP version 1803 to version 1809 as recommended by Woody in the end of April/early May, but I could no longer find the update in my hidden patches. I searched the Windows update catalog for 1809, I searched how to find it in the internet, but I could not find it so I installed the April cumulative update to 1803 successfully.

It seemed to me finding the update in the catalog would be easy, but it eluded me.

Perhaps this has been asked and answered, so I apologize for not seeing it, but life has just been crazy, and my friends are all idiots who stopped updates ages ago by having some tech turn them off. I can’t ask them anything. Of course one got a virus, had 7 reinstalled but still has updates off.

I still would like to move to version 1809 for Windows 10 Home. What do I search for in the MS catalog to find version 1809 ? Can some kind soul provide me a link or even just the search term?

1 user thanked author for this post.

Thank you PK! With the Windows Media Creation Tool am I then able to find the correct download from the MS catalog? I would be happiest going to the catalog because I do not want to have to fight with MS about what version I get of updates. If the tool doesn’t decide, do I not need details to be sure I get the correct update?

You can’t get the UPGRADE from the Catalog.
You can download it through Windows Update.
OR
You can download the Media Creation Tool which creates the install media on your PC.
You will need a bootable 16-32 GB USB drive or a Double Layer DVD (DVD+R DL)
To upgrade, run the Media Creation Tool.
Choose “for another computer”
It will create an ISO.
Burn the ISO to the DVD or USB drive.

Okay, but I got the dates mixed up. Woody had stated that an all new version was being pushed out–not the last fall version or not 1809. Can I just wait and go from 1803 to the newest release when Woody says it is safe to move there, and just skip 1809?

I know this all seems obvious stuff to you, and so many others here, but I am just a user who wants to be safe and who excels in another field entirely.

The one to be released later this month is 1903. You can wait for it until any time before Nov. 2019 – that is when 1803 will be EOL.

The thing you shouldn’t do is upgrade to a new version immediately after it is released, because it will be full of bugs. I would give 1903 AT LEAST three months (depending on reports) after release to even consider upgrading to it.

1 user thanked author for this post.

This is good news. I must have read incorrectly in the end of April that there was something else being pushed that came out later than 1809, and it would try to download on my Win 10 home when I searched for updates. I must be confused. Hopefully if I do a check for updates I won’t get anything other than 1809. Am I wrong about the order of the updates as to what Home will get. We can’t put things off. unless we hide them.

Hi @morty, if you’re game to try installing that problematic rollup again, here’s something you might try: before installing the rollup, find the name of the Ethernet driver that you’re losing when the rollup gets installed and copy it to a different, safe folder.

To do this, go into Device Manager and find your Ethernet driver. Right-click on it and then click on Properties at the bottom of the context menu. Then go to the Details tab and click on the little arrow that’s at the right end of the button just below where it says “Property.”

Now scroll down the menu that will drop down, and look for “Inf name”. Once you find it, select it with the mouse and the field named “Value” will show you the name of the relevant file.

Now go to your Windows directory in Windows Explorer and do a search for the file with that name. (It’s probably in the C:\Windows\inf folder.) Right-click on the search result for that .INF file and select “Open file location.” Now you can copy the file to a different folder–say, the Documents folder; the idea is to place it somewhere you’ll remember. Make sure to copy it and not to move it to that other folder. Also make sure to write down the folder where Search found the file, so that you can put it back there later if necessary.

Now install the problematic rollup (before this, make sure that System Restore is still turned on). Reboot when requested.

If, after rebooting back into Windows, you find that you’ve lost your Ethernet connection once again, go back into Device Manager and “update” the driver, although in this case it’s simply bringing back what you already had. When it asks where to find the driver, type in the folder where you stored the copy of the .INF file.

I know this method works because I did it just three days ago on a Vista machine that I was putting into service. (Don’t ask… 🙂 ) After a certain round of patches to bring the OS more up to date, the machine lost its Ethernet driver and I had to do a System Restore to get it back, then I carried out precisely the same procedure that I described above.

If this doesn’t work for you, you can use System Restore to put things back they way they were before the rollup and you’ll be no worse off than you were before.

Give a holler if you get stuck at any of these steps. I thought about adding screenshots, but this post is already quite long.

Cybertooth has a good way to fix it if you want to follow him. He is a good guy. He, I and others worked on a problem he had last November/December, in the “windows-7-pc-gets-very-sluggish” forum here.

Keep us posted Morty.

2 users thanked author for this post.

Now scroll down the menu that will drop down, and look for “Inf name”. Once you find it, select it with the mouse and the field named “Value” will show you the name of the relevant file. Now go to your Windows directory in Windows Explorer and do a search for the file with that name. (It’s probably in the C:\Windows\inf folder.) Right-click on the search result for that .INF file and select “Open file location.”

They headed me off at the pass. I found the file name but, lo and behold, search tells me there’s no such file as oem11.inf.

I’m going back to a typewriter…..

Attachments:

2 users thanked author for this post.

This is weird, but I had the same non-result when I looked up the Ethernet driver on my Windows 7 PC just now. Over the years, I’ve found that Windows Search isn’t the most reliable feature of Windows. In this case I had to go into the C:\Windows\inf folder myself to find it there.

Try repeating the search from within that folder, and if that fails, then scroll slowly up and down the contents of the folder (as I had to) until you find that oem11.inf file.

Another, almost equally tedious, way to do it would be to tell Explorer to search for all .INF files by typing *.inf in the search bar. You’ll get a ton of results, but that worked for me too.

Attachments:

1 user thanked author for this post.

That IS strange. Is the PC where you can’t find the Ethernet driver, the same PC where you’re posting to Woody’s from? If so, it would mean that you have a working Ethernet driver (since you can get on the ‘Net) but Device Manager is giving you the wrong information.

One way around this would be to visit your PC manufacturer’s website, find their page for your model, and download their Ethernet driver to a safe place, then proceed to install the rollup.

Hi Morty 6536 here, CyberTooth is right, I looked on my Win 7 and did have the OEM11.inf file in C:\windows\inf folder, so that is weird.

I posted before 2 places to get the driver, and as CyberTooth said, if you have a Dell (you said previously – BIOS Version/Date Dell Inc. A11, Fri 12/30/11) you should be able to go to DELL and with your “tag number” or model find the drivers for that PC. Dell is usually VERY easy to find drivers.

using admin cmd>pnputil -e you can get a list of oem drivers in .inf section. i update my intel wifi cards quite often and the driver you are using is from 5 years ago? which updating “may,” solve your connectiion difficulties.

using admin cmd>pnputil -e you can get a list of oem drivers in .inf section. i update my intel wifi cards quite often and the driver you are using is from 5 years ago? which updating “may,” solve your connectiion difficulties. please let us know what happens

5 users thanked author for this post.

wow, that is a loooong list of oem drivers. i keep 6-8 on my win 7’s and as part of my maniacal cleaning problem(s) i take out the one’s i will never use again to avoid potential conflict problems. i guess the best thing to do is download the Dell driver for your card and/or the shiny new Intel driver (which i update as often as they are made available) from their website (shown above in another post) thern install the troublesome patch, roboot then run the pciclearstalecache? and then install the driver of your choice and reboot as necessary. personally, i did not get any action from pciclearstalecache.exe this time maybe because it is already there? from the last time it was called for. any way where is VolumeZ when he probably knows what to do to fix it all in one easy swoop?

hope you have already gotten to the promised land and are surfing with ease…

1 user thanked author for this post.

3. you can try a Group B method this time and next month go back to Group A’s monthly rollups. CyberTooth what do you think?

anonymous 6536, that makes sense to me. The Security Only patch is bound to have less “stuff” going on, so it may dodge the Ethernet driver issue that Morty is running into. (Assuming that his other PC is susceptible to this problem.)

I’m still curious if Morty tried downloading the driver from Dell to store in a different folder and then install if/when the Monthly Rollup nukes the existing driver.

1 user thanked author for this post.

I tried getting the driver from Dell, but they wanted me to install something called SupportAssist. It sounded too much like giving control of my system to Big Brother Dell. Not that I’m paranoid or anything.

1 user thanked author for this post.

I’m beginning to think that it might be better to wait for the storm to pass. Am I being foolhardy?

Please go to the site that @gonetoplaid suggests here, and then click on the button labeled “Probe THIS Port” near the top. It will tell you whether the port involved in this Remote Desktop issue is open, closed, or stealthed. If the result comes back as Closed, you’re OK. If it comes back as Stealth, you’re even better off: according to Steve Gibson, having a port in Stealth mode is better than Closed since with the former, a potential attacker won’t even know that there is something to attack.

With either a Closed or Stealth result, you should be all right holding off on this problematic Windows patch.

2 users thanked author for this post.

GRC has always been my first website visit when setting up a new PC/Router. Shields up and instant UPNP Exposure Test are excellent online checks for your set-up. He also has a few utilities which are of the same calibre never10, inspectre and unplug ‘n’ pray 😉
Steve’s stuff is highly recommended, the guy is a star in my book!

2 users thanked author for this post.

Hi Morty, It looks like your provider, computer or router is doing a good job at protecting you. Now the question is for CyberTooth and myself, what are your plans with the MAY updates? Which method are you going to use or are you going to sit back and wait until next month’s patch tuesday? You don’t want to be the first, but not the last either. Remember that saying back last year in post #223122?

anonymous 6536

1 user thanked author for this post.

Well, I decided to follow Woody’s DEFCON advice and start applying the May updates to my Windows 7 systems this week.

The experience has been, umm, interesting. Did the Security Only KB4499175 on a little (SFF) tower PC and it seems to have gone fine. Since it doesn’t have Internet Explorer 11 (still on IE8, I really should get around to bringing it up to date but it’s seldom used), it was not eligible for the IE11 patch. The .NET update also installed without issues.

I waited a day to make sure that nothing untoward was happening and moved on to the next Win7 computer. KB4499175 went fine. Now this machine does have IE11… but when I try to install KB4498206, it claims that the patch is not applicable to my system!?! (The bitness is correct.)

Not sure what to make of this. These are my two test beds before proceeding to the work computer, so I hesitate to try the IE11 patch on that one until I find out why it won’t install on the test computer.

Wait a minute–I decided to get the exact wording of the “does not apply” message to post here, so tried installing KB4498206 once again… and this time it worked. How weird, it took three tries for it to finally “catch”.

Guess I’ll let the IE11 patch simmer for a while, see how things work out, and then go on to the main PC if there is no further strangeness.

2 users thanked author for this post.

Hi CyberTooth, Yes that does seem “interesting”. I usually install the IE11 patch first. Was this install the first patch and was it the very first thing you did upon booting the computer? Everyone has their own procedures and mine is to run ccleaner, reboot, make a registry restore point reboot again. After rebooting let it sit a minute or three and then manually install the Windows Catalog file I just downloaded that day for Windows 7.

I usually do NOT have any issues with the IE11 patch.
Keep us posted CyberTooth!
anonymous 6536

This is the first I ever remember having an issue with an IE patch. Typically I’ll install the Windows SO update first, then reboot, then wait for the PC to settle down, next install the IE update, reboot, and after it settles down re-enable Windows Update to find any miscellaneous patches (.NET, MRT, etc.). I admit that there’s no particular reason for that installation order. 🙂

Nor do I typically reboot before installing the first Group B patch, I’ll just disable Windows Update and then start the first manual patch. In my case, I’ve found that Windows will create its own restore point prior to installing a manual patch.

In Modern English Usage, H.W. Fowler seemed to be enjoying poking some fun at journalists:
“The gentlemen of the Press regularly devote a small percentage of their time to accusing each other of mixing metaphors or announcing that they are themselves about to do so … the offense apparently being not to mix them, but to be unaware that you have done it.” https://hamodia.com/columns/eating-words-muphrys-law/

“Before installing this update Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes.

If you are using Windows Update, the latest SSU (KB4493730) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.“

I’ve ensured that Remote Assistance (Control Panel | System and Maintenance | System | Remote Settings) is disabled, and when I checked the status of Port 3389 at https://www.grc.com/port_3389.htm and clicking Probe THIS Port as suggested <here> by GoneToPlaid my status is reported as Stealth (the best rating according to https://www.grc.com/su/portstatusinfo.htm. Given the number of Vista SP2 users who have reported system instabilities after installing a May 2019 Win Server 2008 security update I’ve decided to hold off installing the Win Server 2008 KB4493730 (April 2019 Servicing Stack Update) and KB4499180 (May 2019 Security Only Update) until I’m sure it’s safe to do so.

Two questions I still have. AFAIK, the Security Only updates are not cumulative updates like the Monthly Rollups, so is it necessary to install the latest SSU (April 2019 KB4493730) before KB4499180 (May 2019 Security Only)? Secondly, I know that the Win Server 2008 KB4499149 (the May 2019 Monthly Rollup) changes the Vista SP2 from build number from 6.0.6002.xxxxx (Build 2) to 6.0.6003.xxxxx (Build 3) per the MS support article support article Build Number Changing to 6003 in Windows Server 2008. However, does the recommended KB4499180 (May 2019 Security Only update) also increase the build number?
————-
32-bit Vista Home Premium SP2 * FF ESR v52.9.0 * Norton v22.15.2.22

This reply was modified 1 year ago by lmacri. Reason: Changed "KB44991180" to"KB4499180"

1 user thanked author for this post.

Installing any Win Server 2008 update on a Vista SP2 OS (especially for users who have not been applying these updates on a monthly basis since the Vista SP2 EOS on 11-Apr-2017) seems to be a risky prospect at the moment.

It’s definitely a hit-or-miss proposition. I have a little-used Vista x86 for Business machine where the July 2018 patch KB4339291 caused a BSOD on reboot. Whaddayaknow, System Restore had been turned off somehow and there were no restore points. Plus, since it’s a tertiary PC the most recent backup image I had was from January 2014. Ouch!

The same patch (KB4339291) worked perfectly on my Vista x64 laptop, but the installation failed (no BSOD) on the Vista x64 tower PC.

I’m no longer applying patches to the x86 tower (the effort-to-reward ratio is too great) but am keeping up the two x64 systems. The laptop and tower both installed that SSU KB4493730 without issue; however, while the May 2019 Monthly Rollup KB4499149 installed great on the laptop, it left the tower in an unusable state with just the mouse pointer showing in the center of a black screen. (Thank you, System Restore.) So whereas previously I’d install each month’s Server 2008 patches first on the laptop as a test and then on the tower, the laptop got completely up to date in one stroke while the tower is still catching up (August 2018).

I’m not sure what I will do past the August 2018 patches. On the tower, that month’s patch KB4341832 led to the same kind of black screen as the May 2019 rollup. Because Microsoft, in its infinite wisdom, stopped releasing individual patches as of September 2018, every Server 2008 rollup will presumably now contain KB4341832 and give me a black screen. I’ll try the Security Only bundles for each month in turn and see how they go.

EDIT: This is VERY strange. That was me, Cybertooth, who wrote this post about KB4339291 etc., but it’s credited to @Imacri to whom I thought I was simply replying!!!

Mods, please modify the post info so that it reflects who wrote it.

ALSO, Imacri’s post to which I was replying seems to have disappeared (replaced by mine??).

1 user thanked author for this post.

Update on my post just above, incorrectly attributed to @lmacri whose post mysteriously disappeared when I replied to it:

Tonight I tried installing the Security Only patch bundle for September 2018 on the Vista x64 tower. It didn’t work: the computer booted to a completely black screen. Tried again ande this time I got a black screen with a mouse pointer that I could move around, but no other display of any kind.

Am currently running a Startup Repair and will probably end up using System Restore to go back to the August 2018 patch level.

It’s not looking promising for getting this system updated past that month.

@Imacri: Having trouble trying to get logged in, and then when I finally did, had difficulty finding the “reply” menu to send this. What in the world is going on with the “log in” program, and the rest of the menu? Does anyone have a clue??

EDIT: This is VERY strange. That was me, Cybertooth, who wrote this post about KB4339291 etc., but it’s credited to @Imacri to whom I thought I was simply replying!!!

Mods, please modify the post info so that it reflects who wrote it.

ALSO, Imacri’s post to which I was replying seems to have disappeared (replaced by mine??).

@cybertooth We’ve had a couple of problems caused by “problem-solving”. It looks like some of this is related to the problem you report. At this stage, modifying posts’ author information could cause downstream issues, so we’ll note it for later. Also, there is no sign of a disappeared post, yet… Thks 🙂

Did NOT install the IE KB4505050 since they are going to fix it next month anyway.

Installed one at a time. Rebooted in between each update letting it sit 1 or 2 minutes after update was installed (one took 5 minutes to have the hard drive settle down).

No network issues. No oddities – other than slow 1st boot after SO update and 15 minutes @ 100% CPU after the .NET install.

Rebooted 3 times and let it sit for several minutes. (15 min after .NET for Disk activity and CPU to settle.)

I would recommend people on the last reboot to go to the desktop and let it sit 45 to 60 minutes to Process Idle Tasks, let the trusted installer (as per PKCano) do its thing and let the NGEN recompile the .NET image.

You can force the Idle Tasks if you want by the administrative command prompt: rundll32 advapi32.dll,ProcessIdleTasks

You can enter that then walk away for 15 to 20 minutes. If the drive light is still on, it is still running, walk away again. Do not allow the computer to go to sleep. Reset the Power Options to 1 hour sleep if needed. Laptops make sure you are on AC power not battery!

“Threat actors have started scanning the internet for Windows systems that are vulnerable to the BlueKeep (CVE-2019-0708) vulnerability. This vulnerability impacts the Remote Desktop Protocol (RDP) service included in older versions of the Windows OS, such as XP, 7, Server 2003, and Server 2008.

Microsoft released fixes for this vulnerability on May 14, as part of the May 2019 Patch Tuesday updates train, and warned users and companies to patch vulnerable systems as soon as possible, classifying the issue as very dangerous, and warning that CVE-2019-0708 could be weaponized to create wormable (self-replicating) exploits…“

Attachments:

How long has it taken you in the past to do a similarly large backup on that computer?

Do you know whether (a) the backup drive that you’re using, and (b) the USB port that you have it connected to, are USB 2 or USB 3? If either of these is USB 2, the data copying will be much slower than if both are USB 3.

Assuming that both the backup drive and the port where you have it connected are both USB 3, then the first possibility that springs to mind is that either the drive or the connector developed a problem that preclude it from using the faster protocol (USB 3) and is reverting to USB 2 to do the job. This happened to me some years ago, where backups to a USB 2 drive suddenly got excruciatingly slow. It turned out that the drive developed a problem and was using USB 1.1.

Another possibility is that you might have inadvertently switched out the USB 3 cable that you had previously used to connect the backup drive, for a USB 2 cable. I still have USB 1.1 cables lying around the office and I have to be careful to use them only for stuff like scanners and printers–if at all.

1 user thanked author for this post.

How long has it taken you in the past to do a similarly large backup on that computer?
Do you know whether (a) the backup drive that you’re using, and (b) the USB port that you have it connected to, are USB 2 or USB 3?

Yes, USB speed can be a major issue. USB 1.1 at max speed continuously for 11 hours comes out to about 58 GBytes transferred.

But, fallback to 1.1 is unlikely these days, and 2.0 should’ve been enough to have the copy finish already. Therefore I’d look at other possible causes…

There’s a traditional HDD failure mode where the surface is fine but seek accuracy gradually degrades, making seeks take longer and thus causing i/o slowdown. Uncommon in the wild except for some specific disk models. This does show up in SMART counters if you know to look for it but isn’t typically caught with default diagnostics. (Last time I caught one of these, a service organization asked to have the disk as an example of this problem for training…)

Also there’s a similar thing possible with SSDs, and that doesn’t usually show up anywhere except i/o delays.

Why do you use Microsoft’s low quality backup features when there are some great FREE backup apps like Macrium Reflect.. and paid like Acronis True Image… Both will run full backup in a couple of minutes..

1 user thanked author for this post.

Why do you use Microsoft’s low quality backup features when there are some great FREE backup apps like Macrium Reflect.. and paid like Acronis True Image… Both will run full backup in a couple of minutes..

Long story, but you’re right. Will tell the whole story when I have the time to open a new topic on it.

FORT MEADE, Md., June 4, 2019 —
The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats. Recent warnings by Microsoft stressed the importance of installing patches to address a protocol vulnerability in older versions of Windows. Microsoft has warned that this flaw is potentially “wormable,” meaning it could spread without user interaction across the internet. We have seen devastating computer worms inflict damage on unpatched systems with wide-ranging impact, and are seeking to motivate increased protections against this flaw.

CVE-2019-0708, dubbed “BlueKeep,” is a vulnerability in the Remote Desktop (RDP) protocol. It is present in Windows 7, Windows XP, Server 2003 and 2008, and although Microsoft has issued a patch, potentially millions of machines are still vulnerable….

2 users thanked author for this post.

I have Easeus installed, but found it complicated. I also worry that if, Heaven forbid, everything does go bad, I won’t have the program to run the restore. I know the Windows restore will be there.

I’m also at a point where any sharp learning curve gives me whiplash. So I’m reluctant to start up with Macrium. And some years back, I had a bad experience with Acronis. I don’t remember what the issue was or when, but it made me reluctant to try again.

How long has it taken you in the past to do a similarly large backup on that computer? Do you know whether (a) the backup drive that you’re using, and (b) the USB port that you have it connected to, are USB 2 or USB 3? If either of these is USB 2, the data copying will be much slower than if both are USB 3.

Thank you.

My last full backup was 5/16. That backup seemed to go fine.

I backed up to my WD 3TB My Passport Portable Hard Drive USB 3.0 Model WDBYFT0030BBK-WESN, with the USB cable that comes with the drive. So I guess it’s USB 3.0.

FYI: I’ll be going offline later today until late Monday night. So it may take me a few days to respond. Thanks again!

All right @morty, as @mn- suggested, the backup drive itself is a logical suspect.

Please download HD Tune from here, making sure that you choose the second offering on the page, named simply “HD Tune”, and not the first one named “HD Tune Pro”, which is a trial version of the fuller program.

Install HD Tune by clicking on the downloaded .EXE file, then launch it and when the program window pops onto the screen, find your backup drive in the dropdown menu that’s just below the File and Help menus at top left. Select the backup drive there and then click on the “Error Scan” tab. Hit the “Scan” button (don’t check the “Quick Scan” box) and do something else while you wait for the scan results. (You can work normally on your PC in the meantime.)

Let us know the result of the Error Scan, whether or not it finds any damaged blocks (marked in red).

Then, select the Benchmark tab and click on the “Start” button there. It’ll take not more than a couple of minutes. Once it’s done, take a screenshot of the graph (to do this, you can click on the icon above that Start button that looks like a blue floppy disk), save it, and attach the screenshot to your reply.

If everything checks out with the backup drive, the next suspect is the computer drive from which you are making the backups (the “source” drive). Have you noticed any slowness lately as you’re trying to open, save, or close files or programs?

1 user thanked author for this post.

This topic is about DEFCON-3 and updates.
Please create a new topic under the appropriate Forum to continue troubleshooting Morty’s computer.
If you can’t edit to insert the link to it here, DM me and I will create the link for you.

2 users thanked author for this post.

@PKCano: I attempted to send you a message, however I don’t see it in the list. If you have not received this message please let me know. It is a question about the reason I have not received any June update notices (other than the Windows Defender and Malicious Software Removal ones) which I never use. Windows 7, Home Premium, Group A, no sophisticated programs. All of the May updates were installed quite some time ago. I hope this isn’t a duplicate message, however I can’t see the one I sent (that has occurred previously and don’t know the reason, however they eventually do appear). Thank you very much for your assistance.

I see my last message listed, and it has a reference to my problem with not receiving any June (Important) updates. My apologies for the need to bother you with what appears to be a mundane question (??). Thank you once again.

I would like to thank you very much for the assistance you have offered. I would not reject any suggestions on the XP either.

You are welcome, and I do have a suggestion for XP.

On my Vista systems, I use an anti-exploit program by the name of HitmanPro.Alert. IMHO it makes an excellent complement to standard anti-virus software. They still support Windows XP and you can find the latest download here. (Make sure to select HitmanPro.Alert which is the resident application, rather than HitmanPro which–while still very good–is an on-demand scanner.)

There is a very good (although by now impossibly long) thread about it at Wilders Security Forums; you could sample the first few pages to get an idea of what it’s about, and then read the last 10 pages or so to see how things stand currently.

Plus Membership

Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.

AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.